OpenSolaris

What we cover:

Security projects in OpenSolaris: including but not limited to:

• Cryptographic Framework
• IPsec (joint with networking community)
  • kernel extensions to TCP/IP and
  • user programs that control IPsec
• GSS
  • kernel
  • libgss
• Kerberos
  • kernel
  • userland
• SASL
• SSH
• RBAC
• Solaris Auditing
  • libbsm
  • c2audit kernel module
• Trusted Extensions
  • Labeled Networking
  • Label-aware Filesystem Mounting and Sharing
  • Labeled Printing
  • Labeled Desktops
    • Trusted JDS
• Kernel SSL

  The technologies themselves and using them in other parts of the
  system.

• Questions/FAQs/Docs on secure programming for OpenSolaris.

• Place to discuss future/past/present security related changes for OpenSolaris. A place for Sun and the whole OpenSolaris community to share ideas for
  improving OpenSolaris security.

The charter does NOT include:

A place to report security bugs/vulnerabilities in the binary Solaris product or other Sun products including the OpenSolaris source.

• For security vulnerability information contact security-alert@sun.com for now.  In the future we may have an opensolaris.org mail address for this.

We believe in full disclosure, but please don't send security vulnerability information to the security-discuss alias, due to agreements on responsible disclosure with groups such as CERT and other vendors it may be prudent to
contact these discussions in a controlled manner with a reduced audience.

We have this process already documented on the SunSolve security pages.